[转载]税务师(TaxExpert) 200306 通用版注册算法分析（KEYFILE，3DES）

文章作者:kyc

税务师(TaxExpert)200306通用版注册算法分析（KEYFILE，3DES）
软件大小：8924KB
软件语言：简体中文
软件类别：国产软件/共享版/财务管理
下载地址:http://www4.skycn.com/soft/8527.html
应用平台：Win9x/NT/2000/XP
软件介绍：\"税务师(通用版)\"2003版升级说明:\"税务师\"软件，其中汇集了国家税务总局、财政部等相关职能部门从93年以来所发
布的各类财政、税收法规。\"税务师\"(TaxExpert)软件自从2002年6月在网上发布以来，许多的朋友对该软件的一些不足之处提出了很好
的建议，值此该软件诞生一周年之际，作者特别将该软件进行了了全面的整理，具体修改如下：1、更新了法规库。2、清理了法规库中一
些无用的信息(包括地方版的法规)。3、添加了对复杂检索的支持。4、增加了对文件作废的支持。5、增加了对手动添加税收法律法规的支持。6、改变了法规数据中的共亨方式。支持法规库的在线升级及数据的导出操作。7、改善了应用程序的界面：完全使用了OfficeXP的界面风格，操作更容易。
作者声明】：初学Crack，只是感兴趣，没有其他目的。失误之处敬请诸位大侠赐教！
破解工具：PEID，OD，VC.NET。
==============================================================================================================
【破解过程】一开始破解这个软件因为逆推算法觉得无法做注册机。后来用PEID看该软用了DES就看了一些DES的一些加密文章
和算法。主要是参考了王俊川的3DES，C代码一边用OD跟踪一边用VC.NET跟踪3DES代码，才恍然大悟。3DES可以加密也可以
解密。别罗嗦了，看下面的过程吧。


0040708F90nop
00407090$6AFFpush-1
00407092.68D1234B00pushTaxExper.004B23D1;SE句柄安装
00407097.64:A100000000moveax,dwordptrfs:[0]
0040709D.50pusheax
0040709E.64:892500000000movdwordptrfs:[0],esp
004070A5.81EC040C0000subesp,0C04;BPCreateFileA
004070AB.53pushebx
004070AC.33DBxorebx,ebx
004070AE.56pushesi
004070AF.8BF1movesi,ecx
004070B1.8D4C2448leaecx,dwordptrss:[esp+48]
004070B5.895C2458movdwordptrss:[esp+58],ebx
004070B9.895C245Cmovdwordptrss:[esp+5C],ebx
004070BD.895C2460movdwordptrss:[esp+60],ebx
004070C1.895C2464movdwordptrss:[esp+64],ebx
004070C5.895C2468movdwordptrss:[esp+68],ebx
004070C9.895C246Cmovdwordptrss:[esp+6C],ebx
004070CD.E8CCD90800callTaxExper.00494A9E
004070D2.8D442458leaeax,dwordptrss:[esp+58]
004070D6.50pusheax;/Arg2
004070D7.68F0C04B00pushTaxExper.004BC0F0;|Arg1=004BC0F0ASCII"TaxExpert.nfo"
004070DC.899C241C0C0000movdwordptrss:[esp+C1C],ebx;|
004070E3.E8B1E10800callTaxExper.00495299;\打开"TaxExpert.nfo"文件
004070E8.85C0testeax,eax
004070EA.0F84D5010000jeTaxExper.004072C5;打开是否成功
004070F0.53pushebx
004070F1.68F0C04B00pushTaxExper.004BC0F0;ASCII"TaxExpert.nfo"
004070F6.8D4C2430leaecx,dwordptrss:[esp+30]
004070FA.E875DE0800callTaxExper.00494F74
004070FF.6878030000push378;/Arg2=00000378
00407104.8D8C2484010000leaecx,dwordptrss:[esp+184];|
0040710B.51pushecx;|Arg1
0040710C.8D4C2430leaecx,dwordptrss:[esp+30];|
00407110.C684241C0C000001movbyteptrss:[esp+C1C],1;|
00407118.E88ED60800callTaxExper.004947AB;\TaxExper.004947AB
0040711D.3D78030000cmpeax,378;"TaxExpert.nfo"字节长度是否为:0X378=888
00407122.8D4C2428leaecx,dwordptrss:[esp+28]
00407126.740AjeshortTaxExper.00407132;不等就88
00407128.E80FD90800callTaxExper.00494A3C
0040712D.E983010000jmpTaxExper.004072B5
00407132>57pushedi
00407133.E804D90800callTaxExper.00494A3C;读"TaxExpert.nfo"12F160DDESP+184保存起始地址
00407138.8B942459020000movedx,dwordptrss:[esp+259];259-184=0xd5=213d取第213位开始的4个字节
0040713F.8B8C2461020000movecx,dwordptrss:[esp+261];261-184=0xDD=213d取第221位开始的4个字节
00407146.8B84245D020000moveax,dwordptrss:[esp+25D];25D-184=0xd9=213d取第217位开始的4个字节
0040714D.8954243Cmovdwordptrss:[esp+3C],edx;取完保存在edx[esp+3C]取名REGSTR[]
00407151.8B942465020000movedx,dwordptrss:[esp+265];265-184=0xE1=225d取第213位开始的4个字节
00407158.894C2444movdwordptrss:[esp+44],ecx
0040715C.8D8C24FC040000leaecx,dwordptrss:[esp+4FC];4FC-184=0X378尾部地址传给ECX
00407163.89442440movdwordptrss:[esp+40],eax
00407167.89542448movdwordptrss:[esp+48],edx
0040716B.E800240700callTaxExper.00479570;影响ESP指针
00407170.8B86480E0000moveax,dwordptrds:[esi+E48];机器码
00407176.8B78F4movedi,dwordptrds:[eax-C]
00407179.8B48FCmovecx,dwordptrds:[eax-4]
0040717C.81C6480E0000addesi,0E48
00407182.83E810subeax,10
00407185.83F901cmpecx,1
00407188.C68424180C000002movbyteptrss:[esp+C18],2
00407190.7E0BjleshortTaxExper.0040719D
00407192.8B4804movecx,dwordptrds:[eax+4]
00407195.51pushecx
00407196.8BCEmovecx,esi
00407198.E873A6FFFFcallTaxExper.00401810;机器码
0040719D>8B36movesi,dwordptrds:[esi]
0040719F.6A01push1
004071A1.57pushedi
004071A2.56pushesi
004071A3.6A10push10
004071A5.8D54244Cleaedx,dwordptrss:[esp+4C];刚取的注册码REGSTR[]
004071A9.52pushedx
004071AA.8D442430leaeax,dwordptrss:[esp+30]
004071AE.50pusheax
004071AF.8D8C2414050000leaecx,dwordptrss:[esp+514]
004071B6.E885280000callTaxExper.00409A40;关键算法
004071BB.8B0DE0C04B00movecx,dwordptrds:[4BC0E0];TaxE
004071C1.A1E8C04B00moveax,dwordptrds:[4BC0E8];t-V2
004071C6.8B15E4C04B00movedx,dwordptrds:[4BC0E4];xper
004071CC.894C240Cmovdwordptrss:[esp+C],ecx
004071D0.8B0DECC04B00movecx,dwordptrds:[4BC0EC];003
004071D6.89442414movdwordptrss:[esp+14],eax
004071DA.894C2418movdwordptrss:[esp+18],ecx
004071DE.89542410movdwordptrss:[esp+10],edx
004071E2.B901000000movecx,1
004071E7.33C0xoreax,eax
004071E9.5Fpopedi
004071EA.8D9B00000000leaebx,dwordptrds:[ebx]
004071F0>8A540408movdl,byteptrss:[esp+eax+8];ESP+8="TaxExpert-V2003"=12EFE8
004071F4.3A540418cmpdl,byteptrss:[esp+eax+18];ESP+18=12EFF8
004071F8.7402jeshortTaxExper.004071FC
004071FA.33C9xorecx,ecx
004071FC>8A540409movdl,byteptrss:[esp+eax+9]
00407200.3A540419cmpdl,byteptrss:[esp+eax+19]
00407204.7402jeshortTaxExper.00407208
00407206.33C9xorecx,ecx
00407208>8A54040Amovdl,byteptrss:[esp+eax+A]
0040720C.3A54041Acmpdl,byteptrss:[esp+eax+1A]
00407210.7402jeshortTaxExper.00407214
00407212.33C9xorecx,ecx
00407214>8A54040Bmovdl,byteptrss:[esp+eax+B]
00407218.3A54041Bcmpdl,byteptrss:[esp+eax+1B]
0040721C.7402jeshortTaxExper.00407220
0040721E.33C9xorecx,ecx
00407220>8A54040Cmovdl,byteptrss:[esp+eax+C]
00407224.3A54041Ccmpdl,byteptrss:[esp+eax+1C]
00407228.7402jeshortTaxExper.0040722C
0040722A.33C9xorecx,ecx
0040722C>8A54040Dmovdl,byteptrss:[esp+eax+D]
00407230.3A54041Dcmpdl,byteptrss:[esp+eax+1D]
00407234.7402jeshortTaxExper.00407238
00407236.33C9xorecx,ecx
00407238>8A54040Emovdl,byteptrss:[esp+eax+E]
0040723C.3A54041Ecmpdl,byteptrss:[esp+eax+1E]
00407240.7402jeshortTaxExper.00407244
00407242.33C9xorecx,ecx
00407244>8A54040Fmovdl,byteptrss:[esp+eax+F]
00407248.3A54041Fcmpdl,byteptrss:[esp+eax+1F]
0040724C.7402jeshortTaxExper.00407250
0040724E.33C9xorecx,ecx
00407250>83C008addeax,8
00407253.83F810cmpeax,10
00407256.^7C98jlshortTaxExper.004071F0
00407258.3BCBcmpecx,ebx
0040725A.C68424140C000001movbyteptrss:[esp+C14],1
00407262.8D8C24F8040000leaecx,dwordptrss:[esp+4F8]
00407269.7445jeshortTaxExper.004072B0;关键跳转可以爆
0040726B.E8205B0600callTaxExper.0046CD90
00407270.8D4C2428leaecx,dwordptrss:[esp+28]

======================================================================================================
callTaxExper.00409A40;关键算法
=========================================================================================================
00409A40/$53pushebx
00409A41|.55pushebp
00409A42|.56pushesi
00409A43|.57pushedi
00409A44|.8B7C2414movedi,dwordptrss:[esp+14]
00409A48|.85FFtestedi,edi
00409A4A|.8BF1movesi,ecx
00409A4C|.0F84C3000000jeTaxExper.00409B15;机器码是否等于0
00409A52|.8B6C2418movebp,dwordptrss:[esp+18]
00409A56|.85EDtestebp,ebp;REGSTR[]是否为空
00409A58|.0F84B7000000jeTaxExper.00409B15
00409A5E|.8B442420moveax,dwordptrss:[esp+20]
00409A62|.85C0testeax,eax
00409A64|.0F84AB000000jeTaxExper.00409B15
00409A6A|.8B5C241Cmovebx,dwordptrss:[esp+1C]
00409A6E|.83C307addebx,7
00409A71|.83E3F8andebx,FFFFFFF8;EBX=0X10
00409A74|.0F849B000000jeTaxExper.00409B15
00409A7A|.8B4C2424movecx,dwordptrss:[esp+24]
00409A7E|.51pushecx;机器码长度
00409A7F|.50pusheax;机器码入栈
00409A80|.8BCEmovecx,esi
00409A82|.E8A9FDFFFFcallTaxExper.00409830;算法进入
00409A87|.8A8600060000moval,byteptrds:[esi+600]
00409A8D|.C1FB03sarebx,3;EBXSHR3
00409A90|.84C0testal,al
00409A92|.7525jnzshortTaxExper.00409AB9;!Is3DES
00409A94|.85DBtestebx,ebx
00409A96|.7E74jleshortTaxExper.00409B0C
00409A98|>8B542428/movedx,dwordptrss:[esp+28];//1次DES
00409A9C|.52|pushedx
00409A9D|.56|pushesi
00409A9E|.55|pushebp
00409A9F|.57|pushedi
00409AA0|.8BCE|movecx,esi
00409AA2|.E859FEFFFF|callTaxExper.00409900;DES(Out,In,&SubKey[0],Type);
00409AA7|.83C708|addedi,8
00409AAA|.83C508|addebp,8
00409AAD|.4B|decebx
00409AAE|.^75E8\jnzshortTaxExper.00409A98
00409AB0|.5Fpopedi
00409AB1|.5Epopesi
00409AB2|.5Dpopebp
00409AB3|.B001moval,1
00409AB5|.5Bpopebx
00409AB6|.C21800retn18
================================================================================================
callTaxExper.00409830;算法进入
=================================================================================================
00409830/$53pushebx
00409831|.8BD9movebx,ecx
00409833|.33C9xorecx,ecx;ECX=0
00409835|.8D8301070000leaeax,dwordptrds:[ebx+701]
0040983B|.8BD0movedx,eax
0040983D|.890Amovdwordptrds:[edx],ecx
0040983F|.894A04movdwordptrds:[edx+4],ecx
00409842|.55pushebp
00409843|.8B6C2410movebp,dwordptrss:[esp+10];机器码长度
00409847|.83FD10cmpebp,10;机器码长度是否大于16
0040984A|.894A08movdwordptrds:[edx+8],ecx
0040984D|.894A0Cmovdwordptrds:[edx+C],ecx
00409850|.B910000000movecx,10
00409855|.7F02jgshortTaxExper.00409859
00409857|.8BCDmovecx,ebp
00409859|>56pushesi
0040985A|.8B742410movesi,dwordptrss:[esp+10];机器码
0040985E|.8BD1movedx,ecx
00409860|.57pushedi
00409861|.C1E902shrecx,2
00409864|.8BF8movedi,eax
00409866|.F3:A5repmovsdwordptres:[edi],dwordptrds:>
00409868|.8BCAmovecx,edx
0040986A|.83E103andecx,3
0040986D|.50pusheax;机器码入栈=KEY
0040986E|.F3:A4repmovsbyteptres:[edi],byteptrds:[e>
00409870|.53pushebx
00409871|.8BCBmovecx,ebx
00409873|.E8B8FEFFFFcallTaxExper.00409730;Des_SetKey(constcharKey[8])
00409878|.83FD08cmpebp,8;机器码长度是否小于等于8
0040987B|.5Fpopedi
0040987C|.5Epopesi
0040987D|.7E22jleshortTaxExper.004098A1;Is3DES=len>8?(SetSubKey(&SubKey[1],&deskey[8]),true):false;
0040987F|.8D8309070000leaeax,dwordptrds:[ebx+709]
00409885|.50pusheax;EAX=G3RZ3C
00409886|.8D8B00030000leaecx,dwordptrds:[ebx+300]
0040988C|.51pushecx
0040988D|.8BCBmovecx,ebx
0040988F|.E89CFEFFFFcallTaxExper.00409730
00409894|.B001moval,1
00409896|.5Dpopebp
00409897|.888300060000movbyteptrds:[ebx+600],al
0040989D|.5Bpopebx
0040989E|.C20800retn8
004098A1|>32C0xoral,al
004098A3|.5Dpopebp
004098A4|.888300060000movbyteptrds:[ebx+600],al
004098AA|.5Bpopebx
004098AB\.C20800retn8
===========================================================================================
callTaxExper.00409730;Des_SetKey(constcharKey[8])
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
00409831|.8BD9movebx,ecx
00409833|.33C9xorecx,ecx;ECX=0
00409835|.8D8301070000leaeax,dwordptrds:[ebx+701]
0040983B|.8BD0movedx,eax
0040983D|.890Amovdwordptrds:[edx],ecx
0040983F|.894A04movdwordptrds:[edx+4],ecx
00409842|.55pushebp
00409843|.8B6C2410movebp,dwordptrss:[esp+10];机器码长度
00409847|.83FD10cmpebp,10;机器码长度是否大于16
0040984A|.894A08movdwordptrds:[edx+8],ecx
0040984D|.894A0Cmovdwordptrds:[edx+C],ecx
00409850|.B910000000movecx,10
00409855|.7F02jgshortTaxExper.00409859
00409857|.8BCDmovecx,ebp
00409859|>56pushesi
0040985A|.8B742410movesi,dwordptrss:[esp+10];机器码
0040985E|.8BD1movedx,ecx
00409860|.57pushedi
00409861|.C1E902shrecx,2
00409864|.8BF8movedi,eax
00409866|.F3:A5repmovsdwordptres:[edi],dwordptrds:>
00409868|.8BCAmovecx,edx
0040986A|.83E103andecx,3
0040986D|.50pusheax;机器码入栈=KEY
0040986E|.F3:A4repmovsbyteptres:[edi],byteptrds:[e>
00409870|.53pushebx
00409871|.8BCBmovecx,ebx
00409873|.E8B8FEFFFFcallTaxExper.00409730;Des_SetKey(constcharKey[8])
00409878|.83FD08cmpebp,8;机器码长度是否小于等于8
0040987B|.5Fpopedi
0040987C|.5Epopesi
0040987D|.7E22jleshortTaxExper.004098A1;Is3DES=len>8?(SetSubKey(&SubKey[1],&deskey[8]),true):false;
0040987F|.8D8309070000leaeax,dwordptrds:[ebx+709]
00409885|.50pusheax;EAX=G3RZ3C
00409886|.8D8B00030000leaecx,dwordptrds:[ebx+300]
0040988C|.51pushecx
0040988D|.8BCBmovecx,ebx
0040988F|.E89CFEFFFFcallTaxExper.00409730
00409894|.B001moval,1
00409896|.5Dpopebp
00409897|.888300060000movbyteptrds:[ebx+600],al
0040989D|.5Bpopebx

====================================================================================================

00409730/$8B442408moveax,dwordptrss:[esp+8]
00409734|.53pushebx
00409735|.55pushebp
00409736|.56pushesi
00409737|.57pushedi
00409738|.6A40push40;64
0040973A|.50pusheax;KEY=机器码
0040973B|.68A0A64E00pushTaxExper.004EA6A0;K
00409740|.8BF9movedi,ecx
00409742|.E849FFFFFFcallTaxExper.00409690;ByteToBit(K,Key,64);
00409747|.6A38push38;38=56
00409749|.6868C54B00pushTaxExper.004BC568;PC1_Table[56]
0040974E|.68A0A64E00pushTaxExper.004EA6A0;K
00409753|.68A0A64E00pushTaxExper.004EA6A0;K
00409758|.8BCFmovecx,edi
0040975A|.E851FEFFFFcallTaxExper.004095B0;Transform(K,K,PC1_Table,56);
0040975F|.8B5C2414movebx,dwordptrss:[esp+14]
00409763|.8B2D9C744E00movebp,dwordptrds:[4E749C];TaxExper.004EA6A0
00409769|.33F6xoresi,esi
0040976B|.EB03jmpshortTaxExper.00409770
0040976D|8D4900leaecx,dwordptrds:[ecx]
00409770|>0FBE8ED0C54B00/movsxecx,byteptrds:[esi+4BC5D0];[4BC5D0]=LOOP_Table[16]
00409777|.51|pushecx;LOOP_Table
00409778|.6A1C|push1C;1C=28
0040977A|.55|pushebp;KL
0040977B|.8BCF|movecx,edi
0040977D|.E8AEFEFFFF|callTaxExper.00409630;RotateL(KL,28,LOOP_Table);
00409782|.0FBE96D0C54B00|movsxedx,byteptrds:[esi+4BC5D0]
00409789|.A198744E00|moveax,dwordptrds:[4E7498]
0040978E|.52|pushedx
0040978F|.6A1C|push1C
00409791|.50|pusheax
00409792|.8BCF|movecx,edi
00409794|.E897FEFFFF|callTaxExper.00409630;RotateL(KL,28,LOOP_Table);
00409799|.6A30|push30;48
0040979B|.68A0C54B00|pushTaxExper.004BC5A0
004097A0|.68A0A64E00|pushTaxExper.004EA6A0
004097A5|.53|pushebx
004097A6|.8BCF|movecx,edi
004097A8|.E803FEFFFF|callTaxExper.004095B0;Transform(SubKey,K,PC2_Table,48);
004097AD|.46|incesi
004097AE|.83C330|addebx,30
004097B1|.83FE10|cmpesi,10
004097B4|.^7CBA\jlshortTaxExper.00409770;for(inti=0;i<16;i++)
004097B6|.5Fpopedi
004097B7|.5Epopesi
004097B8|.5Dpopebp
004097B9|.5Bpopebx
004097BA\.C20800retn8

=================================================================================================
00409730/$8B442408moveax,dwordptrss:[esp+8]
00409734|.53pushebx
00409735|.55pushebp
00409736|.56pushesi
00409737|.57pushedi
00409738|.6A40push40;64
0040973A|.50pusheax;KEY=机器码
0040973B|.68A0A64E00pushTaxExper.004EA6A0;K
00409740|.8BF9movedi,ecx
00409742|.E849FFFFFFcallTaxExper.00409690;ByteToBit(K,Key,64);
00409747|.6A38push38;38=56
00409749|.6868C54B00pushTaxExper.004BC568;PC1_Table[56]
0040974E|.68A0A64E00pushTaxExper.004EA6A0;K
00409753|.68A0A64E00pushTaxExper.004EA6A0;K
00409758|.8BCFmovecx,edi
0040975A|.E851FEFFFFcallTaxExper.004095B0;Transform(K,K,PC1_Table,56);
0040975F|.8B5C2414movebx,dwordptrss:[esp+14]
00409763|.8B2D9C744E00movebp,dwordptrds:[4E749C];TaxExper.004EA6A0
00409769|.33F6xoresi,esi
0040976B|.EB03jmpshortTaxExper.00409770
0040976D|8D4900leaecx,dwordptrds:[ecx]
00409770|>0FBE8ED0C54B00/movsxecx,byteptrds:[esi+4BC5D0];[4BC5D0]=LOOP_Table[16]
00409777|.51|pushecx;LOOP_Table
00409778|.6A1C|push1C;1C=28
0040977A|.55|pushebp;KL
0040977B|.8BCF|movecx,edi
0040977D|.E8AEFEFFFF|callTaxExper.00409630;RotateL(KL,28,LOOP_Table);
00409782|.0FBE96D0C54B00|movsxedx,byteptrds:[esi+4BC5D0]
00409789|.A198744E00|moveax,dwordptrds:[4E7498]
0040978E|.52|pushedx
0040978F|.6A1C|push1C
00409791|.50|pusheax
00409792|.8BCF|movecx,edi
00409794|.E897FEFFFF|callTaxExper.00409630;RotateL(KL,28,LOOP_Table);
00409799|.6A30|push30;48
0040979B|.68A0C54B00|pushTaxExper.004BC5A0
004097A0|.68A0A64E00|pushTaxExper.004EA6A0
004097A5|.53|pushebx
004097A6|.8BCF|movecx,edi
004097A8|.E803FEFFFF|callTaxExper.004095B0;Transform(SubKey,K,PC2_Table,48);
004097AD|.46|incesi
004097AE|.83C330|addebx,30
004097B1|.83FE10|cmpesi,10
004097B4|.^7CBA\jlshortTaxExper.00409770;for(inti=0;i<16;i++)
004097B6|.5Fpopedi
004097B7|.5Epopesi
004097B8|.5Dpopebp
004097B9|.5Bpopebx
======================================================================================================
00409830/$53pushebx
00409831|.8BD9movebx,ecx
00409833|.33C9xorecx,ecx;ECX=0
00409835|.8D8301070000leaeax,dwordptrds:[ebx+701]
0040983B|.8BD0movedx,eax
0040983D|.890Amovdwordptrds:[edx],ecx
0040983F|.894A04movdwordptrds:[edx+4],ecx
00409842|.55pushebp
00409843|.8B6C2410movebp,dwordptrss:[esp+10];机器码长度
00409847|.83FD10cmpebp,10;机器码长度是否大于16
0040984A|.894A08movdwordptrds:[edx+8],ecx
0040984D|.894A0Cmovdwordptrds:[edx+C],ecx
00409850|.B910000000movecx,10
00409855|.7F02jgshortTaxExper.00409859
00409857|.8BCDmovecx,ebp
00409859|>56pushesi
0040985A|.8B742410movesi,dwordptrss:[esp+10];机器码
0040985E|.8BD1movedx,ecx
00409860|.57pushedi
00409861|.C1E902shrecx,2
00409864|.8BF8movedi,eax
00409866|.F3:A5repmovsdwordptres:[edi],dwordptrds:>
00409868|.8BCAmovecx,edx
0040986A|.83E103andecx,3
0040986D|.50pusheax;机器码入栈=KEY
0040986E|.F3:A4repmovsbyteptres:[edi],byteptrds:[e>
00409870|.53pushebx
00409871|.8BCBmovecx,ebx
00409873|.E8B8FEFFFFcallTaxExper.00409730;Des_SetKey(constcharKey[8])
00409878|.83FD08cmpebp,8;机器码长度是否小于等于8
0040987B|.5Fpopedi
0040987C|.5Epopesi
0040987D|.7E22jleshortTaxExper.004098A1;Is3DES=len>8?(SetSubKey(&SubKey[1],&deskey[8]),true):false;
0040987F|.8D8309070000leaeax,dwordptrds:[ebx+709]
00409885|.50pusheax;EAX=G3RZ3C
00409886|.8D8B00030000leaecx,dwordptrds:[ebx+300]
0040988C|.51pushecx
0040988D|.8BCBmovecx,ebx
0040988F|.E89CFEFFFFcallTaxExper.00409730
00409894|.B001moval,1
00409896|.5Dpopebp
00409897|.888300060000movbyteptrds:[ebx+600],al
0040989D|.5Bpopebx

==========================================================================================================
00409A40/$53pushebx
00409A41|.55pushebp
00409A42|.56pushesi
00409A43|.57pushedi
00409A44|.8B7C2414movedi,dwordptrss:[esp+14]
00409A48|.85FFtestedi,edi
00409A4A|.8BF1movesi,ecx
00409A4C|.0F84C3000000jeTaxExper.00409B15;机器码是否等于0
00409A52|.8B6C2418movebp,dwordptrss:[esp+18]
00409A56|.85EDtestebp,ebp;REGSTR[]是否为空
00409A58|.0F84B7000000jeTaxExper.00409B15
00409A5E|.8B442420moveax,dwordptrss:[esp+20]
00409A62|.85C0testeax,eax
00409A64|.0F84AB000000jeTaxExper.00409B15
00409A6A|.8B5C241Cmovebx,dwordptrss:[esp+1C]
00409A6E|.83C307addebx,7
00409A71|.83E3F8andebx,FFFFFFF8;EBX=0X10
00409A74|.0F849B000000jeTaxExper.00409B15
00409A7A|.8B4C2424movecx,dwordptrss:[esp+24]
00409A7E|.51pushecx;机器码长度
00409A7F|.50pusheax;机器码入栈
00409A80|.8BCEmovecx,esi
00409A82|.E8A9FDFFFFcallTaxExper.00409830;算法进入
00409A87|.8A8600060000moval,byteptrds:[esi+600]
00409A8D|.C1FB03sarebx,3;EBXSHR3
00409A90|.84C0testal,al
00409A92|.7525jnzshortTaxExper.00409AB9;!Is3DES
00409A94|.85DBtestebx,ebx
00409A96|.7E74jleshortTaxExper.00409B0C
00409A98|>8B542428/movedx,dwordptrss:[esp+28];//1次DES
00409A9C|.52|pushedx
00409A9D|.56|pushesi
00409A9E|.55|pushebp
00409A9F|.57|pushedi
00409AA0|.8BCE|movecx,esi
00409AA2|.E859FEFFFF|callTaxExper.00409900;DES(Out,In,&SubKey[0],Type);
00409AA7|.83C708|addedi,8
00409AAA|.83C508|addebp,8
00409AAD|.4B|decebx
00409AAE|.^75E8\jnzshortTaxExper.00409A98
00409AB0|.5Fpopedi
00409AB1|.5Epopesi
00409AB2|.5Dpopebp
00409AB3|.B001moval,1
00409AB5|.5Bpopebx
00409AB6|.C21800retn18

==================================================================================================
注册成功写入注册表。
00409020/$6AFFpush-1
00409022|.685C274B00pushTaxExper.004B275C;SE句柄安装
00409027|.64:A100000000moveax,dwordptrfs:[0]
0040902D|.50pusheax
0040902E|.64:892500000000movdwordptrfs:[0],esp
00409035|.81EC80000000subesp,80
0040903B|.53pushebx
0040903C|.55pushebp
0040903D|.56pushesi
0040903E|.8BF1movesi,ecx
00409040|.57pushedi
00409041|.8974241Cmovdwordptrss:[esp+1C],esi
00409045|.E8F6A50200callTaxExper.00433640
0040904A|.33DBxorebx,ebx
0040904C|.8D8EB8030000leaecx,dwordptrds:[esi+3B8]
00409052|.899C2498000000movdwordptrss:[esp+98],ebx
00409059|.C70640BF4B00movdwordptrds:[esi],TaxExper.004BBF40
0040905F|.C786D00000003CBF4>movdwordptrds:[esi+D0],TaxExper.004BBF>
00409069|.E872780300callTaxExper.004408E0
0040906E|.8D8E60040000leaecx,dwordptrds:[esi+460]
00409074|.C684249800000001movbyteptrss:[esp+98],1
0040907C|.E87F5F0300callTaxExper.0043F000
00409081|.8D8E38060000leaecx,dwordptrds:[esi+638]
00409087|.C684249800000002movbyteptrss:[esp+98],2
0040908F|.E85F370800callTaxExper.0048C7F3
00409094|.8D8E40060000leaecx,dwordptrds:[esi+640]
0040909A|.C684249800000003movbyteptrss:[esp+98],3
004090A2|.E84C370800callTaxExper.0048C7F3
004090A7|.8D8E48060000leaecx,dwordptrds:[esi+648]
004090AD|.C684249800000004movbyteptrss:[esp+98],4
004090B5|.E8B6840300callTaxExper.00441570
004090BA|.8D8E64070000leaecx,dwordptrds:[esi+764]
004090C0|.C684249800000005movbyteptrss:[esp+98],5
004090C8|.E883FD0300callTaxExper.00448E50
004090CD|.8D8E60080000leaecx,dwordptrds:[esi+860]
004090D3|.C684249800000006movbyteptrss:[esp+98],6
004090DB|.E8F0F30300callTaxExper.004484D0
004090E0|.8D8E54090000leaecx,dwordptrds:[esi+954]
004090E6|.C684249800000007movbyteptrss:[esp+98],7
004090EE|.E8DDF30300callTaxExper.004484D0
004090F3|.8D8E480A0000leaecx,dwordptrds:[esi+A48]
004090F9|.C684249800000008movbyteptrss:[esp+98],8
00409101|.E8CAF30300callTaxExper.004484D0
00409106|.8D8E3C0B0000leaecx,dwordptrds:[esi+B3C]
0040910C|.C684249800000009movbyteptrss:[esp+98],9
00409114|.E8B7F30300callTaxExper.004484D0
00409119|.8D8E380C0000leaecx,dwordptrds:[esi+C38]
0040911F|.C68424980000000Amovbyteptrss:[esp+98],0A
00409127|.E8247A0200callTaxExper.00430B50
0040912C|.899EC40D0000movdwordptrds:[esi+DC4],ebx
00409132|.C786C00D0000AC264>movdwordptrds:[esi+DC0],TaxExper.004C2>
0040913C|.8D8EC80D0000leaecx,dwordptrds:[esi+DC8]
00409142|.C68424980000000Cmovbyteptrss:[esp+98],0C
0040914A|.E8813C0200callTaxExper.0042CDD0
0040914F|.C68424980000000Dmovbyteptrss:[esp+98],0D
00409157|.E8D3B20800callTaxExper.0049442F
0040915C|.8B10movedx,dwordptrds:[eax]
0040915E|.8BC8movecx,eax
00409160|.FF520Ccalldwordptrds:[edx+C]
00409163|.83C010addeax,10
00409166|.8986300E0000movdwordptrds:[esi+E30],eax
0040916C|.C68424980000000Emovbyteptrss:[esp+98],0E
00409174|.E8B6B20800callTaxExper.0049442F
00409179|.8B10movedx,dwordptrds:[eax]
0040917B|.8BC8movecx,eax
0040917D|.FF520Ccalldwordptrds:[edx+C]
00409180|.83C010addeax,10
00409183|.8986340E0000movdwordptrds:[esi+E34],eax
00409189|.C68424980000000Fmovbyteptrss:[esp+98],0F
00409191|.8DBE3C0E0000leaedi,dwordptrds:[esi+E3C]
00409197|.68BEB04B00pushTaxExper.004BB0BE
0040919C|.8BCFmovecx,edi
0040919E|.E87D91FFFFcallTaxExper.00402320
004091A3|.8DAE400E0000leaebp,dwordptrds:[esi+E40]
004091A9|.68BEB04B00pushTaxExper.004BB0BE
004091AE|.8BCDmovecx,ebp
004091B0|.C684249C00000010movbyteptrss:[esp+9C],10
004091B8|.E86391FFFFcallTaxExper.00402320
004091BD|.8D8E480E0000leaecx,dwordptrds:[esi+E48]
004091C3|.68BEB04B00pushTaxExper.004BB0BE
004091C8|.C684249C00000011movbyteptrss:[esp+9C],11
004091D0|.899E440E0000movdwordptrds:[esi+E44],ebx
004091D6|.E84591FFFFcallTaxExper.00402320
004091DB|.68BEB04B00pushTaxExper.004BB0BE
004091E0|.8D8E500E0000leaecx,dwordptrds:[esi+E50]
004091E6|.C684249C00000012movbyteptrss:[esp+9C],12
004091EE|.899E4C0E0000movdwordptrds:[esi+E4C],ebx
004091F4|.E82791FFFFcallTaxExper.00402320
004091F9|.6801000080push80000001
004091FE|.8D4C2424leaecx,dwordptrss:[esp+24]
00409202|.C684249C00000013movbyteptrss:[esp+9C],13
0040920A|.E8E1640200callTaxExper.0042F6F0
0040920F|.53pushebx
00409210|.688CC44B00pushTaxExper.004BC48C;ASCII"RegID"
00409215|.6870B34B00pushTaxExper.004BB370;ASCII"Settings"
0040921A|.8D44241Cleaeax,dwordptrss:[esp+1C]
0040921E|.50pusheax
0040921F|.8D4C2430leaecx,dwordptrss:[esp+30]
00409223|.C68424A800000014movbyteptrss:[esp+A8],14
0040922B|.E840650200callTaxExper.0042F770
00409230|.50pusheax
00409231|.8BCFmovecx,edi
00409233|.C684249C00000015movbyteptrss:[esp+9C],15
0040923B|.E8008CFFFFcallTaxExper.00401E40
00409240|.8B442410moveax,dwordptrss:[esp+10]
00409244|.83C0F0addeax,-10
00409247|.C684249800000014movbyteptrss:[esp+98],14
0040924F|.8D480Cleaecx,dwordptrds:[eax+C]
00409252|.83CAFForedx,FFFFFFFF
00409255|.F0:0FC111lockxadddwordptrds:[ecx],edx
00409259|.4Adecedx
0040925A|.85D2testedx,edx
0040925C|.7F08jgshortTaxExper.00409266
0040925E|.8B08movecx,dwordptrds:[eax]
00409260|.8B11movedx,dwordptrds:[ecx]
00409262|.50pusheax
00409263|.FF5204calldwordptrds:[edx+4]
00409266|>8B07moveax,dwordptrds:[edi]
00409268|.3958F4cmpdwordptrds:[eax-C],ebx
0040926B|.0F85C0000000jnzTaxExper.00409331
00409271|.8D4C2430leaecx,dwordptrss:[esp+30]
00409275|.51pushecx
00409276|.FF15D8A74B00calldwordptrds:[<&ole32.CoCreateGuid>];ole32.CoCreateGuid
0040927C|.6A27push27
0040927E|.8D542444leaedx,dwordptrss:[esp+44]
00409282|.52pushedx
00409283|.8D442438leaeax,dwordptrss:[esp+38]
00409287|.50pusheax
00409288|.FF15DCA74B00calldwordptrds:[<&ole32.StringFromGUID>;ole32.StringFromGUID2
0040928E|.8D4C2440leaecx,dwordptrss:[esp+40]
00409292|.51pushecx
00409293|.8D4C2414leaecx,dwordptrss:[esp+14]
00409297|.E824E6FFFFcallTaxExper.004078C0
0040929C|.6A7Bpush7B
0040929E|.8D4C2414leaecx,dwordptrss:[esp+14]
004092A2|.C684249C00000016movbyteptrss:[esp+9C],16
004092AA|.E871E1FFFFcallTaxExper.00407420
004092AF|.6A10push10
004092B1|.8D54241Cleaedx,dwordptrss:[esp+1C]
004092B5|.52pushedx
004092B6|.8D4C2418leaecx,dwordptrss:[esp+18]
004092BA|.E841E0FFFFcallTaxExper.00407300
004092BF|.50pusheax
004092C0|.8BCFmovecx,edi
004092C2|.C684249C00000017movbyteptrss:[esp+9C],17
004092CA|.E8718BFFFFcallTaxExper.00401E40
004092CF|.8B442418moveax,dwordptrss:[esp+18]
004092D3|.83C0F0addeax,-10
004092D6|.C684249800000016movbyteptrss:[esp+98],16
004092DE|.8D480Cleaecx,dwordptrds:[eax+C]
004092E1|.83CAFForedx,FFFFFFFF
004092E4|.F0:0FC111lockxadddwordptrds:[ecx],edx
004092E8|.4Adecedx
004092E9|.85D2testedx,edx
004092EB|.7F08jgshortTaxExper.004092F5
004092ED|.8B08movecx,dwordptrds:[eax]
004092EF|.8B11movedx,dwordptrds:[ecx]
004092F1|.50pusheax
004092F2|.FF5204calldwordptrds:[edx+4]
004092F5|>8B07moveax,dwordptrds:[edi]
004092F7|.50pusheax
004092F8|.688CC44B00pushTaxExper.004BC48C;ASCII"RegID"
004092FD|.6870B34B00pushTaxExper.004BB370;ASCII"Settings"
00409302|.8D4C242Cleaecx,dwordptrss:[esp+2C]
00409306|.E8B5610200callTaxExper.0042F4C0
0040930B|.8B442410moveax,dwordptrss:[esp+10]
0040930F|.83C0F0addeax,-10
00409312|.C684249800000014movbyteptrss:[esp+98],14
0040931A|.8D480Cleaecx,dwordptrds:[eax+C]
0040931D|.83CAFForedx,FFFFFFFF
00409320|.F0:0FC111lockxadddwordptrds:[ecx],edx
00409324|.4Adecedx
00409325|.85D2testedx,edx
00409327|.7F08jgshortTaxExper.00409331
00409329|.8B08movecx,dwordptrds:[eax]
0040932B|.8B11movedx,dwordptrds:[ecx]
0040932D|.50pusheax
0040932E|.FF5204calldwordptrds:[edx+4]
00409331|>8D442418leaeax,dwordptrss:[esp+18]
00409335|.50pusheax;/Arg1
00409336|.8BCEmovecx,esi;|
00409338|.E863F8FFFFcallTaxExper.00408BA0;\TaxExper.00408BA0
0040933D|.50pusheax
0040933E|.8BCDmovecx,ebp
00409340|.C684249C00000018movbyteptrss:[esp+9C],18
00409348|.E8F38AFFFFcallTaxExper.00401E40
0040934D|.8B442418moveax,dwordptrss:[esp+18]
00409351|.83C0F0addeax,-10
00409354|.C684249800000014movbyteptrss:[esp+98],14
0040935C|.8D480Cleaecx,dwordptrds:[eax+C]
0040935F|.83CAFForedx,FFFFFFFF
00409362|.F0:0FC111lockxadddwordptrds:[ecx],edx
00409366|.4Adecedx
00409367|.85D2testedx,edx
00409369|.7F08jgshortTaxExper.00409373
0040936B|.8B08movecx,dwordptrds:[eax]
0040936D|.8B11movedx,dwordptrds:[ecx]
0040936F|.50pusheax
00409370|.FF5204calldwordptrds:[edx+4]
00409373|>8B4500moveax,dwordptrss:[ebp]
00409376|.3958F4cmpdwordptrds:[eax-C],ebx
00409379|.7457jeshortTaxExper.004093D2
0040937B|.C786440E000072000>movdwordptrds:[esi+E44],72
00409385|.8378F410cmpdwordptrds:[eax-C],10
00409389|.7E44jleshortTaxExper.004093CF
0040938B|.6A10push10
0040938D|.8D44241Cleaeax,dwordptrss:[esp+1C]
00409391|.50pusheax
00409392|.8BCDmovecx,ebp
00409394|.E867DFFFFFcallTaxExper.00407300
00409399|.50pusheax
0040939A|.8BCDmovecx,ebp
0040939C|.C684249C00000019movbyteptrss:[esp+9C],19
004093A4|.E8978AFFFFcallTaxExper.00401E40
004093A9|.8B442418moveax,dwordptrss:[esp+18]
004093AD|.83C0F0addeax,-10
004093B0|.C684249800000014movbyteptrss:[esp+98],14
004093B8|.8D480Cleaecx,dwordptrds:[eax+C]
004093BB|.83CAFForedx,FFFFFFFF
004093BE|.F0:0FC111lockxadddwordptrds:[ecx],edx
004093C2|.4Adecedx
004093C3|.85D2testedx,edx
004093C5|.7F08jgshortTaxExper.004093CF
004093C7|.8B08movecx,dwordptrds:[eax]
004093C9|.8B11movedx,dwordptrds:[ecx]
004093CB|.50pusheax
004093CC|.FF5204calldwordptrds:[edx+4]
004093CF|>55pushebp
004093D0|.EB0BjmpshortTaxExper.004093DD
004093D2|>C786440E000073000>movdwordptrds:[esi+E44],73
004093DC|.57pushedi
004093DD|>8D8E480E0000leaecx,dwordptrds:[esi+E48]
004093E3|.E8588AFFFFcallTaxExper.00401E40
004093E8|.8BCEmovecx,esi
004093EA|.E8A1DCFFFFcallTaxExper.00407090
004093EF|.53pushebx;/Arg3=00000000
004093F0|.6874B64B00pushTaxExper.004BB674;|Arg2=004BB674ASCII"UserInputFileIndex"
004093F5|.6870B34B00pushTaxExper.004BB370;|Arg1=004BB370ASCII"Settings"
004093FA|.8D4C242Cleaecx,dwordptrss:[esp+2C];|
004093FE|.89864C0E0000movdwordptrds:[esi+E4C],eax;|
00409404|.E867610200callTaxExper.0042F570;\TaxExper.0042F570
00409409|.3BC3cmpeax,ebx
0040940B|.7518jnzshortTaxExper.00409425
0040940D|.6830750000push7530;/Arg3=00007530
00409412|.6874B64B00pushTaxExper.004BB674;|Arg2=004BB674ASCII"UserInputFileIndex"
00409417|.6870B34B00pushTaxExper.004BB370;|Arg1=004BB370ASCII"Settings"
0040941C|.8D4C242Cleaecx,dwordptrss:[esp+2C];|
00409420|.E8FB5F0200callTaxExper.0042F420;\TaxExper.0042F420
00409425|>B8BEB04B00moveax,TaxExper.004BB0BE
0040942A|.8D5001leaedx,dwordptrds:[eax+1]
0040942D|.8D4900leaecx,dwordptrds:[ecx]
00409430|>8A08/movcl,byteptrds:[eax]
00409432|.40|inceax
00409433|.3ACB|cmpcl,bl
00409435|.^75F9\jnzshortTaxExper.00409430
00409437|.2BC2subeax,edx
00409439|.50pusheax
0040943A|.68BEB04B00pushTaxExper.004BB0BE
0040943F|.8D8E300E0000leaecx,dwordptrds:[esi+E30]
00409445|.E8F685FFFFcallTaxExper.00401A40
0040944A|.B8BEB04B00moveax,TaxExper.004BB0BE
0040944F|.8D7801leaedi,dwordptrds:[eax+1]
00409452|>8A08/movcl,byteptrds:[eax]
00409454|.40|inceax
00409455|.3ACB|cmpcl,bl
00409457|.^75F9\jnzshortTaxExper.00409452
00409459|.2BC7subeax,edi
0040945B|.50pusheax
0040945C|.68BEB04B00pushTaxExper.004BB0BE
00409461|.8D8E340E0000leaecx,dwordptrds:[esi+E34]
00409467|.E8D485FFFFcallTaxExper.00401A40
0040946C|.6A01push1;/Arg3=00000001
0040946E|.6834BF4B00pushTaxExper.004BBF34;|Arg2=004BBF34ASCII"bXPMode"
00409473|.6870B34B00pushTaxExper.004BB370;|Arg1=004BB370ASCII"Settings"
00409478|.8D4C242Cleaecx,dwordptrss:[esp+2C];|
0040947C|.899E380E0000movdwordptrds:[esi+E38],ebx;|
00409482|.899E340C0000movdwordptrds:[esi+C34],ebx;|
00409488|.889EB4030000movbyteptrds:[esi+3B4],bl;|
0040948E|.899E300C0000movdwordptrds:[esi+C30],ebx;|
00409494|.E8D7600200callTaxExper.0042F570;\TaxExper.0042F570
00409499|.8BF8movedi,eax
0040949B|.E8D0B80200callTaxExper.00434D70
004094A0|.53pushebx
004094A1|.687CB34B00pushTaxExper.004BB37C;ASCII"pwd"
004094A6|.89B844010000movdwordptrds:[eax+144],edi
004094AC|.6870B34B00pushTaxExper.004BB370;ASCII"Settings"
004094B1|.8D442420leaeax,dwordptrss:[esp+20]
004094B5|.50pusheax
004094B6|.8D4C2430leaecx,dwordptrss:[esp+30]
004094BA|.E8B1620200callTaxExper.0042F770
004094BF|.8B4C2414movecx,dwordptrss:[esp+14]
004094C3|.3959F4cmpdwordptrds:[ecx-C],ebx
004094C6|.C68424980000001Amovbyteptrss:[esp+98],1A
004094CE|.7518jnzshortTaxExper.004094E8
004094D0|.6888C44B00pushTaxExper.004BC488;ASCII"123"
004094D5|.687CB34B00pushTaxExper.004BB37C;ASCII"pwd"
004094DA|.6870B34B00pushTaxExper.004BB370;ASCII"Settings"
004094DF|.8D4C242Cleaecx,dwordptrss:[esp+2C]
004094E3|.E8D85F0200callTaxExper.0042F4C0
004094E8|>E883B80200callTaxExper.00434D70
004094ED|.C7804801000001000>movdwordptrds:[eax+148],1
004094F7|.8B442414moveax,dwordptrss:[esp+14]
004094FB|.83C0F0addeax,-10
004094FE|.C684249800000014movbyteptrss:[esp+98],14
00409506|.8D500Cleaedx,dwordptrds:[eax+C]
00409509|.83C9FForecx,FFFFFFFF
0040950C|.F0:0FC10Alockxadddwordptrds:[edx],ecx
00409510|.49dececx
00409511|.85C9testecx,ecx
00409513|.7F08jgshortTaxExper.0040951D
00409515|.8B08movecx,dwordptrds:[eax]
00409517|.8B11movedx,dwordptrds:[ecx]
00409519|.50pusheax
0040951A|.FF5204calldwordptrds:[edx+4]
0040951D|>8D4C2420leaecx,dwordptrss:[esp+20]
00409521|.C684249800000013movbyteptrss:[esp+98],13
00409529|.E8C25E0200callTaxExper.0042F3F0
0040952E|.8B8C2490000000movecx,dwordptrss:[esp+90]
00409535|.5Fpopedi
00409536|.8BC6moveax,esi
00409538|.5Epopesi
00409539|.5Dpopebp
0040953A|.5Bpopebx
0040953B|.64:890D00000000movdwordptrfs:[0],ecx
00409542|.81C48C000000addesp,8C
00409548\.C3retn

=================================================================================================
算法总结：利用注册文件的字符进行3DES加密，你如果不懂3DES就无法进行逆推了。最好把3DES加密算法搞明白
再做注册机。看一下注册机C代码就一目了然了。
LRESULTCALLBACKWndProc(HWNDhWnd,UINTmessage,WPARAMwParam,LPARAMlParam)
{
intwmId,wmEvent,i,j;
PAINTSTRUCTps;
HDChdc;
HANDLEhFile;
DWORDdwLen;
charBuffer[889]="0";

charkey[]="VNC220A2G3RZ3C",buf[255];
charstr[]="TaxExpert-V2003";



HANDLEhFileMapping;

switch(message)
{
caseWM_COMMAND:
wmId=LOWORD(wParam);
wmEvent=HIWORD(wParam);
//分析菜单选择:
switch(wmId)
{
caseIDM_about :
DialogBox(hInst,(LPCTSTR)IDD_ABOUTBOX,hWnd,(DLGPROC)About);
break;
caseIDM_EXIT:
DestroyWindow(hWnd);
break;
caseID_NEW:
memset(buf,0,sizeof(buf));

strcpy(buf,str);

for(i=0;i<888;i++)
{
Buffer=0x41+i%58;
}
for(i=213,j=0;i<229;i++,j++)
{
Buffer=0x30+j%0xf;
}

Des_Go(buf,buf,sizeof(str),key,sizeof(key),ENCRYPT);//加密
for(i=213,j=0;i<229;i++,j++)
{
Buffer=buf[j];
}




hFile=CreateFile(TEXT("TaxExpert.nfo"),
GENERIC_WRITE|GENERIC_READ,
FILE_SHARE_READ,
NULL,
CREATE_ALWAYS,
FILE_FLAG_SEQUENTIAL_SCAN,
NULL);

if(hFile!=INVALID_HANDLE_VALUE)//打开hFile成功
{
//ReadFile(hFile,Buffer,BufSize,&nBytesRead,NULL);从hFile里读取数据到Buffer里

WriteFile(hFile,Buffer,888,&dwLen,NULL);
//把Buffer里面的BytesToWrite字节写入hPipe

}

CloseHandle(hFile);

break;

3DES加密代码利用了王俊川的C代码。再次感谢！
/////////////////////////WjcDes.C/////////////////////////////////////////////////
/*
Providedby王俊川,NortheasternUniversity(www.neu.edu.cn)
Email:blackdrn@sohu.com
Thisproductisfreeforuse.
*/
//////////////////////////////////////////////////////////////////////////

#include
#include"WjcDes.h"
#include"stdafx.h"
//////////////////////////////////////////////////////////////////////////

//initialpermutationIP
conststaticcharIP_Table[64]={
58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,
62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8,
57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,
61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7
};
//finalpermutationIP^-1
conststaticcharIPR_Table[64]={
40,8,48,16,56,24,64,32,39,7,47,15,55,23,63,31,
38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29,
36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27,
34,2,42,10,50,18,58,26,33,1,41,9,49,17,57,25
};
//expansionoperationmatrix
staticconstcharE_Table[48]={
32,1,2,3,4,5,4,5,6,7,8,9,
8,9,10,11,12,13,12,13,14,15,16,17,
16,17,18,19,20,21,20,21,22,23,24,25,
24,25,26,27,28,29,28,29,30,31,32,1
};
//32-bitpermutationfunctionPusedontheoutputoftheS-boxes
conststaticcharP_Table[32]={
16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,
2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25
};
//permutedchoicetable(key)
conststaticcharPC1_Table[56]={
57,49,41,33,25,17,9,1,58,50,42,34,26,18,
10,2,59,51,43,35,27,19,11,3,60,52,44,36,
63,55,47,39,31,23,15,7,62,54,46,38,30,22,
14,6,61,53,45,37,29,21,13,5,28,20,12,4
};
//permutedchoicekey(table)
conststaticcharPC2_Table[48]={
14,17,11,24,1,5,3,28,15,6,21,10,
23,19,12,4,26,8,16,7,27,20,13,2,
41,52,31,37,47,55,30,40,51,45,33,48,
44,49,39,56,34,53,46,42,50,36,29,32
};
//numberleftrotationsofpc1
conststaticcharLOOP_Table[16]={
1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1
};
//The(in)famousS-boxes
conststaticcharS_Box[8][4][16]={
//S1
14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7,
0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8,
4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0,
15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13,
//S2
15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10,
3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5,
0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15,
13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9,
//S3
10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8,
13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1,
13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7,
1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12,
//S4
7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15,
13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9,
10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4,
3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14,
//S5
2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9,
14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6,
4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14,
11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3,
//S6
12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11,
10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8,
9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6,
4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13,
//S7
4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1,
13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6,
1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2,
6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12,
//S8
13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7,
1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2,
7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8,
2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11
};

//////////////////////////////////////////////////////////////////////////

typedefbool(*PSubKey)[16][48];

//////////////////////////////////////////////////////////////////////////

staticvoidDES(charOut[8],charIn[8],constPSubKeypSubKey,boolType);//标准DES加/解密
staticvoidSetKey(constchar*Key,intlen);//设置密钥
staticvoidSetSubKey(PSubKeypSubKey,constcharKey[8]);//设置子密钥
staticvoidF_func(boolIn[32],constboolKi[48]);//f函数
staticvoidS_func(boolOut[32],constboolIn[48]);//S盒代替
staticvoidTransform(bool*Out,bool*In,constchar*Table,intlen);//变换
staticvoidXor(bool*InA,constbool*InB,intlen);//异或
staticvoidRotateL(bool*In,intlen,intloop);//循环左移
staticvoidByteToBit(bool*Out,constchar*In,intbits);//字节组转换成位组
staticvoidBitToByte(char*Out,constbool*In,intbits);//位组转换成字节组

//////////////////////////////////////////////////////////////////////////

staticboolSubKey[2][16][48];//16圈子密钥
staticboolIs3DES;//3次DES标志
staticcharTmp[256],deskey[16];

//////////////////////////////////////////////////////////////////////////

//////////////////////////////////////////////////////////////////////////
//CodestartsfromLine130
//////////////////////////////////////////////////////////////////////////
boolDes_Go(char*Out,char*In,longdatalen,constchar*Key,intkeylen,boolType)
{
if(!(Out&&In&&Key&&(datalen=(datalen+7)&0xfffffff8)))
returnfalse;
SetKey(Key,keylen);
if(!Is3DES){//1次DES
for(longi=0,j=datalen>>3;iDES(Out,In,&SubKey[0],Type);
}else{//3次DES加密:加(key0)-解(key1)-加(key0)解密::解(key0)-加(key1)-解(key0)
for(longi=0,j=datalen>>3;iDES(Out,In,&SubKey[0],Type);
DES(Out,Out,&SubKey[1],!Type);
DES(Out,Out,&SubKey[0],Type);
}
}
returntrue;
}
voidSetKey(constchar*Key,intlen)
{
memset(deskey,0,16);
memcpy(deskey,Key,len>16?16:len);
SetSubKey(&SubKey[0],&deskey[0]);
Is3DES=len>8?(SetSubKey(&SubKey[1],&deskey[8]),true):false;
}
voidDES(charOut[8],charIn[8],constPSubKeypSubKey,boolType)
{
staticboolM[64],tmp[32],*Li=&M[0],*Ri=&M[32];
ByteToBit(M,In,64);
Transform(M,M,IP_Table,64);
if(Type==ENCRYPT){
for(inti=0;i<16;++i){
memcpy(tmp,Ri,32);
F_func(Ri,(*pSubKey));
Xor(Ri,Li,32);
memcpy(Li,tmp,32);
}
}else{
for(inti=15;i>=0;--i){
memcpy(tmp,Li,32);
F_func(Li,(*pSubKey));
Xor(Li,Ri,32);
memcpy(Ri,tmp,32);
}
}
Transform(M,M,IPR_Table,64);
BitToByte(Out,M,64);
}
voidSetSubKey(PSubKeypSubKey,constcharKey[8])
{
staticboolK[64],*KL=&K[0],*KR=&K[28];
ByteToBit(K,Key,64);
Transform(K,K,PC1_Table,56);
for(inti=0;i<16;++i){
RotateL(KL,28,LOOP_Table);
RotateL(KR,28,LOOP_Table);
Transform((*pSubKey),K,PC2_Table,48);
}
}
voidF_func(boolIn[32],constboolKi[48])
{
staticboolMR[48];
Transform(MR,In,E_Table,48);
Xor(MR,Ki,48);
S_func(In,MR);
Transform(In,In,P_Table,32);
}
voidS_func(boolOut[32],constboolIn[48])
{
for(chari=0,j,k;i<8;++i,In+=6,Out+=4){
j=(In[0]<<1)+In[5];
k=(In[1]<<3)+(In[2]<<2)+(In[3]<<1)+In[4];
ByteToBit(Out,&S_Box[j][k],4);
}
}
voidTransform(bool*Out,bool*In,constchar*Table,intlen)
{
for(inti=0;iTmp=In[Table-1];
memcpy(Out,Tmp,len);
}
voidXor(bool*InA,constbool*InB,intlen)
{
for(inti=0;iInA^=InB;
}
voidRotateL(bool*In,intlen,intloop)
{
memcpy(Tmp,In,loop);
memcpy(In,In+loop,len-loop);
memcpy(In+len-loop,Tmp,loop);
}
voidByteToBit(bool*Out,constchar*In,intbits)
{
for(inti=0;iOut=(In[i>>3]>>(i&7))&1;
}
voidBitToByte(char*Out,constbool*In,intbits)
{
memset(Out,0,bits>>3);
for(inti=0;iOut[i>>3]|=In<<(i&7);
}
//////////////////////////////////////////////////////////////////////////
//CodeendsatLine231
//////////////////////////////////////////////////////////////////////////